Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/581183-7a83-4cab-bd8b-3b068db41140/1/nN_zth4zPKd_5u8eXbKgVxxNgpU.roa
File: nN_zth4zPKd_5u8eXbKgVxxNgpU.roa (raw, json)
Hash identifier: fYd0D/qMuM9A5jDRly2LfP2prxzSj9ZxQKTRQ0yiS8Q=
Subject key identifier: 9C:DF:F3:B6:1E:33:3C:A7:7F:E6:EF:1E:5D:B2:A0:57:1C:4D:82:95
Certificate issuer: /CN=8736e9b1d01474af2c3e4f8c20f461d136801949
Certificate serial: 019427B591FC3331440145F0B5F5D4FD8F87
Authority key identifier: 87:36:E9:B1:D0:14:74:AF:2C:3E:4F:8C:20:F4:61:D1:36:80:19:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hzbpsdAUdK8sPk-MIPRh0TaAGUk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/581183-7a83-4cab-bd8b-3b068db41140/1/nN_zth4zPKd_5u8eXbKgVxxNgpU.roa
Signing time: Thu 02 Jan 2025 15:49:58 +0000
ROA not before: Thu 02 Jan 2025 15:49:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33915
IP address blocks: 145.79.0.0/16 maxlen: 24
145.79.32.0/21 maxlen: 21
145.79.200.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:91:fc:33:31:44:01:45:f0:b5:f5:d4:fd:8f:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8736e9b1d01474af2c3e4f8c20f461d136801949
Validity
Not Before: Jan 2 15:49:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cdff3b61e333ca77fe6ef1e5db2a0571c4d8295
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:3c:1f:12:29:6c:d6:4b:e5:5d:23:8e:e7:ca:
d3:fc:d2:7b:ad:f8:a9:d5:fb:73:09:97:24:81:82:
c9:ea:70:a6:f1:71:34:a4:90:2f:b7:d6:81:a6:52:
29:b6:c5:ed:58:a2:cc:8d:a4:b9:26:50:cf:ae:a2:
75:f8:dc:d2:72:5a:b9:3e:54:ff:a1:8e:c8:ed:b6:
91:3d:0a:a9:12:bc:8a:43:ea:6c:59:ac:71:a9:17:
74:5a:4a:6e:a6:4a:1b:37:3a:6b:71:ce:62:b8:bf:
94:73:bd:ea:ec:61:25:b4:70:74:52:88:59:89:5d:
49:d3:ee:38:95:3b:51:9c:c2:f9:17:a3:20:62:ff:
95:d1:c0:82:b9:38:bf:90:ca:0a:b0:6f:aa:b0:5b:
1b:f3:23:5e:01:75:09:5c:d7:b3:c6:76:9c:b9:f8:
13:c5:a1:ee:e8:f5:2b:15:37:57:82:ee:6c:be:b9:
a8:ed:50:5b:3e:41:2c:3a:f7:e6:40:0d:5d:45:3d:
f4:e9:53:91:76:92:f5:44:ce:a4:b0:b5:b2:df:64:
9f:2f:a0:cd:00:2f:f8:86:14:85:55:a9:7b:f1:66:
ba:d1:dc:a5:66:91:4e:db:1f:5c:a9:0b:f6:28:3b:
6a:04:ac:7a:08:2b:2f:89:35:74:9e:9c:84:85:16:
b5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:DF:F3:B6:1E:33:3C:A7:7F:E6:EF:1E:5D:B2:A0:57:1C:4D:82:95
X509v3 Authority Key Identifier:
keyid:87:36:E9:B1:D0:14:74:AF:2C:3E:4F:8C:20:F4:61:D1:36:80:19:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hzbpsdAUdK8sPk-MIPRh0TaAGUk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/581183-7a83-4cab-bd8b-3b068db41140/1/nN_zth4zPKd_5u8eXbKgVxxNgpU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/581183-7a83-4cab-bd8b-3b068db41140/1/hzbpsdAUdK8sPk-MIPRh0TaAGUk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.79.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:a7:ed:62:93:d8:f6:4a:22:72:14:8b:4d:b7:0b:2f:43:dc:
98:ef:ca:25:5b:31:2b:68:d4:69:aa:05:c9:17:4d:77:85:44:
ae:d0:83:1b:3b:74:2c:a3:51:7d:02:f1:4e:01:e4:8f:74:e1:
d6:01:e5:48:61:ea:e3:5b:77:db:74:bf:18:90:ec:1f:0a:4e:
34:c0:4d:af:6b:cf:bc:17:90:d7:85:f1:87:c2:49:df:a9:da:
4d:80:9a:b6:31:a2:a8:d7:52:9e:57:aa:41:eb:fa:be:c0:b3:
09:be:35:35:51:c1:a2:ef:af:27:9c:b5:e7:cf:69:48:cd:e6:
c9:bc:ff:27:1f:3f:94:57:a9:1b:c8:95:5d:98:e2:45:d6:30:
d5:98:c4:3b:b0:c3:72:44:60:61:a3:7e:b7:71:a3:ec:bd:df:
a7:5a:45:6b:37:d7:12:75:a2:07:d5:2a:8a:63:de:d5:2e:ab:
cf:4c:93:e7:d7:b5:86:1d:1c:62:e1:99:ee:b2:29:b9:ba:ed:
f6:65:59:22:50:0a:6c:54:29:49:ba:21:2a:e5:bf:65:17:13:
4f:41:bd:fe:b7:29:a0:b0:42:49:4b:00:b0:66:a2:38:ce:07:
b7:1b:9a:5c:7b:1e:4d:4e:cc:3b:5a:31:be:d9:68:23:42:87:
e6:fb:69:00
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQntZH8MzFEAUXwtfXU/Y+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MzZlOWIxZDAxNDc0YWYyYzNlNGY4YzIwZjQ2MWQxMzY4
MDE5NDkwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RmZjNiNjFlMzMzY2E3N2ZlNmVmMWU1ZGIyYTA1NzFjNGQ4Mjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojwfEils1kvlXSOO58rT/NJ7rfip
1ftzCZckgYLJ6nCm8XE0pJAvt9aBplIptsXtWKLMjaS5JlDPrqJ1+NzSclq5PlT/
oY7I7baRPQqpEryKQ+psWaxxqRd0WkpupkobNzprcc5iuL+Uc73q7GEltHB0UohZ
iV1J0+44lTtRnML5F6MgYv+V0cCCuTi/kMoKsG+qsFsb8yNeAXUJXNezxnacufgT
xaHu6PUrFTdXgu5svrmo7VBbPkEsOvfmQA1dRT306VORdpL1RM6ksLWy32SfL6DN
AC/4hhSFVal78Wa60dylZpFO2x9cqQv2KDtqBKx6CCsviTV0npyEhRa16QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJzf87YeMzynf+bvHl2yoFccTYKVMB8GA1UdIwQY
MBaAFIc26bHQFHSvLD5PjCD0YdE2gBlJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHpicHNkQVVkSzhzUGstTUlQUmgwVGFBR1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81ODExODMtN2E4My00Y2FiLWJkOGIt
M2IwNjhkYjQxMTQwLzEvbk5fenRoNHpQS2RfNXU4ZVhiS2dWeHhOZ3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81ODExODMtN2E4My00Y2FiLWJkOGItM2IwNjhkYjQxMTQw
LzEvaHpicHNkQVVkSzhzUGstTUlQUmgwVGFBR1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkU8wDQYJ
KoZIhvcNAQELBQADggEBAJmn7WKT2PZKInIUi023Cy9D3JjvyiVbMSto1GmqBckX
TXeFRK7Qgxs7dCyjUX0C8U4B5I904dYB5Uhh6uNbd9t0vxiQ7B8KTjTATa9rz7wX
kNeF8YfCSd+p2k2AmrYxoqjXUp5XqkHr+r7Aswm+NTVRwaLvryectefPaUjN5sm8
/ycfP5RXqRvIlV2Y4kXWMNWYxDuww3JEYGGjfrdxo+y936daRWs31xJ1ogfVKopj
3tUuq89Mk+fXtYYdHGLhme6yKbm67fZlWSJQCmxUKUm6ISrlv2UXE09Bvf63KaCw
QklLALBmojjOB7cbmlx7Hk1OzDtaMb7ZaCNCh+b7aQA=
-----END CERTIFICATE-----
Generated at Tue Apr 8 07:31:21 2025 by rpki-client